Attackers don’t take a day off. That’s why the summer holidays this year are also ransomware season – attackers have the most success with exploits when IT staff may be away on vacation.
The latest PrintNightmare exploit is another good example. Discovered June 29th, this vulnerability allows remote code execution – and was quickly integrated into attack tools such as Mimikatz and Metasploit for testing and credential theft, enabling further damage.
Windows servers or any Windows machine running the Print Spooler service could be exploited, including domain controllers. Windows runs Print Spooler by default, meaning that if the service is not actively disabled, a remote authenticated user who exploits it could execute code as SYSTEM on the domain controller itself – gaining a foothold in Active Directory and on any system connected to the network.
Experts called for admins to disable Print Spooler on domain controllers in the lead-up to the July 4th US holiday weekend, when some of us already had one foot out the door. Anyone who didn’t catch it in time could have had even less of a vacation, cleaning up the fallout reactively. Microsoft released patches and guidance July 13th. But we’re far from the end of 'High-Security Summer.'
Want to get away from it all this season? The reality is, when the rest of us clock out, attackers work overtime – especially now. Hybrid and work-from-anywhere users continue to require support, many relying on a VPN that grants full network access back to the corporate office, or on reactive remote endpoint security that detects exploits only after the fact, sometimes hours or days later for zero-day threats or modified strains. This won’t improve as parts of the world open up from quarantine and vacation travel resumes, leaving many offices running lean at reduced operations for holiday coverage – including IT and security. Attackers will capitalize on who’s out of the office in more ways than one.
End-to-End Zero Trust – Anywhere
For those who want a day off, the answer is reducing the attack surface of your environment and preventing the spread of breaches by segmenting your network with simple Zero Trust policy.
- Easily lock down services from endpoints to prevent unnecessary connections and enforce least privilege. Why should remote endpoints be running print spoolers for the office when they are not in the office? Lock it down.
- Ringfence high-value assets in your data center or cloud with granular policy to maintain least privilege access for IT admin users, and prevent attackers from reaching critical infrastructure through lateral movement from an initial breach – including domain controllers, where they could potentially gain credentials to access anything connected to the network.
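As an added illustration of the "lock it down" advice above (example code, not Illumio's own tooling), the following PowerShell audits the Print Spooler service on every domain controller in the current domain and, only when run with -Enforce, stops and disables it. It assumes the ActiveDirectory RSAT module is installed and that WinRM access to the DCs is available.

```powershell
# Added example (not from the original post): audit Print Spooler on every DC
# and optionally stop + disable it. Assumes RSAT ActiveDirectory and WinRM.
[CmdletBinding()]
param(
    [switch]$Enforce   # omit to audit only; add to stop and disable Spooler
)

Import-Module ActiveDirectory

# Enumerate every domain controller in the current domain
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

$report = Invoke-Command -ComputerName $dcs -ArgumentList $Enforce.IsPresent -ScriptBlock {
    param([bool]$enforce)

    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Service absent (e.g. Print Spooler feature removed): nothing to do
        return [pscustomobject]@{ Host = $env:COMPUTERNAME; Status = 'NotInstalled'; StartType = 'n/a'; Action = 'none' }
    }

    $action = 'none'
    if ($enforce -and ($svc.Status -ne 'Stopped' -or $svc.StartType -ne 'Disabled')) {
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
        $action = 'stopped+disabled'
        $svc = Get-Service -Name Spooler   # re-read to report the new state
    }

    [pscustomobject]@{
        Host      = $env:COMPUTERNAME
        Status    = $svc.Status
        StartType = $svc.StartType
        Action    = $action
    }
}

# Any DC still listed as Running, or with a StartType other than Disabled,
# remains exposed to the attack path described above.
$report | Sort-Object Host | Format-Table Host, Status, StartType, Action -AutoSize
```

Run the script with no switches first to see which DCs still have the service running; repeat with -Enforce to apply the change and confirm the reported state.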
Sound too good to be true? What if deploying Zero Trust were as “set-it-and-forget-it” as setting up your Out-of-Office automatic responses?
Simple-to-deploy Zero Trust with Illumio makes this possible:
- Allow policy to be easily created and moved into enforcement based on your actual discovered network traffic with full visibility and easy-to-understand labeling.
- No surprises from blocked flows that could disrupt business – or even take down the network, as can happen with infrastructure-based segmentation tools that run on switches and routers.
- Monitor and control your entire data estate, with visibility and consistent policy across endpoints, data center, cloud, containers, VMs, bare metal and more.
- Integrate with your existing SIEM and SOAR security stack for a full automated response workflow with alerting and quarantining.
Deploying simple Zero Trust with Illumio is the fastest path to gain visibility, ensure least privilege, and prevent lateral movement, with enforcement that follows the user and does not rely on the corporate network or any other infrastructure dependency.
Lock down and protect all your critical assets from the spread of breaches across your network with uniform Zero Trust policy from Illumio.